diff options
author | tb <> | 2023-12-26 09:04:30 +0000 |
---|---|---|
committer | tb <> | 2023-12-26 09:04:30 +0000 |
commit | a56949a8de0a08fd86e9dd8801959cc3f0e09781 (patch) | |
tree | 8d00017df4520e4a3984b24d36feccf3d87160c4 /src/lib/libssl/man/SSL_get_finished.3 | |
parent | 94232d2a9c3fa826a4ec1c6d72bfdcf48e3698b4 (diff) | |
download | openbsd-a56949a8de0a08fd86e9dd8801959cc3f0e09781.tar.gz openbsd-a56949a8de0a08fd86e9dd8801959cc3f0e09781.tar.bz2 openbsd-a56949a8de0a08fd86e9dd8801959cc3f0e09781.zip |
EVP_CipherInit(): remove cleanup call
There is a bizarre EVP_CIPHER_CTX_cleanup() call in EVP_CipherInit()
leading to a subtle behavior difference with EVP_CipherInit_ex().
The history is that before EVP_CIPHER_CTX was made opaque, a context would
often live on the stack (hello, MariaDB) and the EVP_CIPHER_CTX_cleanup()
call was in fact an EVP_CIPHER_CTX_init() which just zeroes out the struct.
The problem with doing this is that on context reuse there could be data
hanging off it, causing leaks. Attempts were made to clean up things in
EVP_CipherFinal*(), but that broke applications reaching into the context
afterward, so they were removed again. Later on, opacity allowed changing
the _init() to a _cleanup() since EVP_CIPHER_CTX could no longer live on
the stack, so it would no longer contain garbage. I have to correct myself:
it would no longer contain stack garbage.
Now: EVP_CipherInit_ex() does some extra dances to preserve the AES key
wrap flag, which is cleared unconditionally in EVP_CipherInit(). That's
annoying to document and very likely never going to be an issue in the
wild: you'd need to do key wrap and then use the same context for use
with a cipher that does not allow key wrap for this to make a difference.
This way, all our EVP_{Cipher,Decrypt,Encrypt}*_ex() functions are now
trivially wrapped by their non-_ex() versions.
ok jsing
Diffstat (limited to 'src/lib/libssl/man/SSL_get_finished.3')
0 files changed, 0 insertions, 0 deletions